1. 02 Nov, 2017 3 commits
  2. 19 Oct, 2017 1 commit
  3. 16 Oct, 2017 1 commit
  4. 15 Oct, 2017 4 commits
    • Benjamin Herrenschmidt's avatar
      KVM: PPC: Book3S HV: Add more barriers in XIVE load/unload code · ad98dd1a
      Benjamin Herrenschmidt authored
      On POWER9 systems, we push the VCPU context onto the XIVE (eXternal
      Interrupt Virtualization Engine) hardware when entering a guest,
      and pull the context off the XIVE when exiting the guest.  The push
      is done with cache-inhibited stores, and the pull with cache-inhibited
      loads.
      
      Testing has revealed that it is possible (though very rare) for
      the stores to get reordered with the loads so that we end up with the
      guest VCPU context still loaded on the XIVE after we have exited the
      guest.  When that happens, it is possible for the same VCPU context
      to then get loaded on another CPU, which causes the machine to
      checkstop.
      
      To fix this, we add I/O barrier instructions (eieio) before and
      after the push and pull operations.  As partial compensation for the
      potential slowdown caused by the extra barriers, we remove the eieio
      instructions between the two stores in the push operation, and between
      the two loads in the pull operation.  (The architecture requires
      loads to cache-inhibited, guarded storage to be kept in order, and
      requires stores to cache-inhibited, guarded storage likewise to be
      kept in order, but allows such loads and stores to be reordered with
      respect to each other.)
      Reported-by: default avatarCarol L Soto <clsoto@us.ibm.com>
      Signed-off-by: default avatarPaul Mackerras <paulus@ozlabs.org>
      ad98dd1a
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · ae7df8f9
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here are 4 patches to resolve some char/misc driver issues found these
        past weeks.
      
        One of them is a mei bugfix and another is a new mei device id. There
        is also a hyper-v fix for a reported issue, and a binder issue fix for
        a problem reported by a few people.
      
        All of these have been in my tree for a while, I don't know if
        linux-next is really testing much this month. But 0-day is happy with
        them :)"
      
      * tag 'char-misc-4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        binder: fix use-after-free in binder_transaction()
        Drivers: hv: vmbus: Fix bugs in rescind handling
        mei: me: add gemini lake devices id
        mei: always use domain runtime pm callbacks.
      ae7df8f9
    • Linus Torvalds's avatar
      Merge tag 'usb-4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 7a263b16
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a handful of USB driver fixes for 4.14-rc5.
      
        There is the "usual" usb-serial fixes and device ids, USB gadget
        fixes, and some more fixes found by the fuzz testing that is happening
        on the USB layer right now.
      
        All of these have been in my tree this week with no reported issues"
      
      * tag 'usb-4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: usbtest: fix NULL pointer dereference
        usb: gadget: configfs: Fix memory leak of interface directory data
        usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options
        usb: misc: usbtest: Fix overflow in usbtest_do_ioctl()
        usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
        USB: dummy-hcd: Fix deadlock caused by disconnect detection
        usb: phy: tegra: Fix phy suspend for UDC
        USB: serial: console: fix use-after-free after failed setup
        USB: serial: console: fix use-after-free on disconnect
        USB: serial: qcserial: add Dell DW5818, DW5819
        USB: serial: cp210x: add support for ELV TFD500
        USB: serial: cp210x: fix partnum regression
        USB: serial: option: add support for TP-Link LTE module
        USB: serial: ftdi_sio: add id for Cypress WICED dev board
      7a263b16
    • Linus Torvalds's avatar
      Merge tag 'dmaengine-fix-4.14-rc5' of git://git.infradead.org/users/vkoul/slave-dma · 7a23c5ab
      Linus Torvalds authored
      Pull dmaengine fixes from Vinod Koul:
       "Here are fixes for this round
      
         - fix spinlock usage amd fifo response for altera driver
      
         - fix ti crossbar race condition
      
         - fix edma memcpy align"
      
      * tag 'dmaengine-fix-4.14-rc5' of git://git.infradead.org/users/vkoul/slave-dma:
        dmaengine: altera: fix spinlock usage
        dmaengine: altera: fix response FIFO emptying
        dmaengine: ti-dma-crossbar: Fix possible race condition with dma_inuse
        dmaengine: edma: Align the memcpy acnt array size with the transfer
      7a23c5ab
  5. 14 Oct, 2017 15 commits
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e7a36a6e
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "A landry list of fixes:
      
         - fix reboot breakage on some PCID-enabled system
      
         - fix crashes/hangs on some PCID-enabled systems
      
         - fix microcode loading on certain older CPUs
      
         - various unwinder fixes
      
         - extend an APIC quirk to more hardware systems and disable APIC
           related warning on virtualized systems
      
         - various Hyper-V fixes
      
         - a macro definition robustness fix
      
         - remove jprobes IRQ disabling
      
         - various mem-encryption fixes"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/microcode: Do the family check first
        x86/mm: Flush more aggressively in lazy TLB mode
        x86/apic: Update TSC_DEADLINE quirk with additional SKX stepping
        x86/apic: Silence "FW_BUG TSC_DEADLINE disabled due to Errata" on hypervisors
        x86/mm: Disable various instrumentations of mm/mem_encrypt.c and mm/tlb.c
        x86/hyperv: Fix hypercalls with extended CPU ranges for TLB flushing
        x86/hyperv: Don't use percpu areas for pcpu_flush/pcpu_flush_ex structures
        x86/hyperv: Clear vCPU banks between calls to avoid flushing unneeded vCPUs
        x86/unwind: Disable unwinder warnings on 32-bit
        x86/unwind: Align stack pointer in unwinder dump
        x86/unwind: Use MSB for frame pointer encoding on 32-bit
        x86/unwind: Fix dereference of untrusted pointer
        x86/alternatives: Fix alt_max_short macro to really be a max()
        x86/mm/64: Fix reboot interaction with CR4.PCIDE
        kprobes/x86: Remove IRQ disabling from jprobe handlers
        kprobes/x86: Set up frame pointer in kprobe trampoline
      e7a36a6e
    • Linus Torvalds's avatar
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a339b351
      Linus Torvalds authored
      Pull scheduler fixes from Ingo Molnar:
       "Three fixes that address an SMP balancing performance regression"
      
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/core: Ensure load_balance() respects the active_mask
        sched/core: Address more wake_affine() regressions
        sched/core: Fix wake_affine() performance regression
      a339b351
    • Linus Torvalds's avatar
      Merge branch 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7b764ced
      Linus Torvalds authored
      Pull RAS fixes from Ingo Molnar:
       "A boot parameter fix, plus a header export fix"
      
      * 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mce: Hide mca_cfg
        RAS/CEC: Use the right length for "cec_disable"
      7b764ced
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 26c923ab
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "Some tooling fixes plus three kernel fixes: a memory leak fix, a
        statistics fix and a crash fix"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel/uncore: Fix memory leaks on allocation failures
        perf/core: Fix cgroup time when scheduling descendants
        perf/core: Avoid freeing static PMU contexts when PMU is unregistered
        tools include uapi bpf.h: Sync kernel ABI header with tooling header
        perf pmu: Unbreak perf record for arm/arm64 with events with explicit PMU
        perf script: Add missing separator for "-F ip,brstack" (and brstackoff)
        perf callchain: Compare dsos (as well) for CCKEY_FUNCTION
      26c923ab
    • Linus Torvalds's avatar
      Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 60a6ca6c
      Linus Torvalds authored
      Pull locking fixes from Ingo Molnar:
       "Two lockdep fixes for bugs introduced by the cross-release dependency
        tracking feature - plus a commit that disables it because performance
        regressed in an absymal fashion on some systems"
      
      * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        locking/lockdep: Disable cross-release features for now
        locking/selftest: Avoid false BUG report
        locking/lockdep: Fix stacktrace mess
      60a6ca6c
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2b34218e
      Linus Torvalds authored
      Pull irq fixes from Ingo Molnar:
       "A CPU hotplug related fix, plus two related sanity checks"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq/cpuhotplug: Enforce affinity setting on startup of managed irqs
        genirq/cpuhotplug: Add sanity check for effective affinity mask
        genirq: Warn when effective affinity is not updated
      2b34218e
    • Linus Torvalds's avatar
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · a515d05e
      Linus Torvalds authored
      Pull objtool fix from Ingo Molnar:
       "A single objtool fix: avoid silently broken ORC debuginfo builds and
        error out instead"
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        objtool: Upgrade libelf-devel warning to error for CONFIG_ORC_UNWINDER
      a515d05e
    • Borislav Petkov's avatar
      x86/microcode: Do the family check first · 1f161f67
      Borislav Petkov authored
      On CPUs like AMD's Geode, for example, we shouldn't even try to load
      microcode because they do not support the modern microcode loading
      interface.
      
      However, we do the family check *after* the other checks whether the
      loader has been disabled on the command line or whether we're running in
      a guest.
      
      So move the family checks first in order to exit early if we're being
      loaded on an unsupported family.
      Reported-and-tested-by: default avatarSven Glodowski <glodi1@arcor.de>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: <stable@vger.kernel.org> # 4.11..
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://bugzilla.suse.com/show_bug.cgi?id=1061396
      Link: http://lkml.kernel.org/r/20171012112316.977-1-bp@alien8.deSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      1f161f67
    • Ingo Molnar's avatar
      locking/lockdep: Disable cross-release features for now · b483cf3b
      Ingo Molnar authored
      Johan Hovold reported a big lockdep slowdown on his system, caused by lockdep:
      
      > I had noticed that the BeagleBone Black boot time appeared to have
      > increased significantly with 4.14 and yesterday I finally had time to
      > investigate it.
      >
      > Boot time (from "Linux version" to login prompt) had in fact doubled
      > since 4.13 where it took 17 seconds (with my current config) compared to
      > the 35 seconds I now see with 4.14-rc4.
      >
      > I quick bisect pointed to lockdep and specifically the following commit:
      >
      >	28a903f6 ("locking/lockdep: Handle non(or multi)-acquisition of a crosslock")
      
      Because the final v4.14 release is close, disable the cross-release lockdep
      features for now.
      Bisected-by: default avatarJohan Hovold <johan@kernel.org>
      Debugged-by: default avatarJohan Hovold <johan@kernel.org>
      Reported-by: default avatarJohan Hovold <johan@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Byungchul Park <byungchul.park@lge.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tony Lindgren <tony@atomide.com>
      Cc: kernel-team@lge.com
      Cc: linux-arm-kernel@lists.infradead.org
      Cc: linux-mm@kvack.org
      Cc: linux-omap@vger.kernel.org
      Link: http://lkml.kernel.org/r/20171014072659.f2yr6mhm5ha3eou7@gmail.comSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      b483cf3b
    • Linus Torvalds's avatar
      Merge branch '4.14-fixes' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · be1f16ba
      Linus Torvalds authored
      Pull MIPS fixes from Ralf Baechle:
       "More MIPS fixes for 4.14:
      
         - Loongson 1: Set the default number of RX and TX queues to
           accomodate for recent changes of stmmac driver.
      
         - BPF: Fix uninitialised target compiler error.
      
         - Fix cmpxchg on 32 bit signed ints for 64 bit kernels with
           !kernel_uses_llsc
      
         - Fix generic-board-config.sh for builds using O=
      
         - Remove pr_err() calls from fpu_emu() for a case which is not a
           kernel error"
      
      * '4.14-fixes' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: math-emu: Remove pr_err() calls from fpu_emu()
        MIPS: Fix generic-board-config.sh for builds using O=
        MIPS: Fix cmpxchg on 32b signed ints for 64b kernel with !kernel_uses_llsc
        MIPS: loongson1: set default number of rx and tx queues for stmmac
        MIPS: bpf: Fix uninitialised target compiler error
      be1f16ba
    • Andy Lutomirski's avatar
      x86/mm: Flush more aggressively in lazy TLB mode · b956575b
      Andy Lutomirski authored
      Since commit:
      
        94b1b03b ("x86/mm: Rework lazy TLB mode and TLB freshness tracking")
      
      x86's lazy TLB mode has been all the way lazy: when running a kernel thread
      (including the idle thread), the kernel keeps using the last user mm's
      page tables without attempting to maintain user TLB coherence at all.
      
      From a pure semantic perspective, this is fine -- kernel threads won't
      attempt to access user pages, so having stale TLB entries doesn't matter.
      
      Unfortunately, I forgot about a subtlety.  By skipping TLB flushes,
      we also allow any paging-structure caches that may exist on the CPU
      to become incoherent.  This means that we can have a
      paging-structure cache entry that references a freed page table, and
      the CPU is within its rights to do a speculative page walk starting
      at the freed page table.
      
      I can imagine this causing two different problems:
      
       - A speculative page walk starting from a bogus page table could read
         IO addresses.  I haven't seen any reports of this causing problems.
      
       - A speculative page walk that involves a bogus page table can install
         garbage in the TLB.  Such garbage would always be at a user VA, but
         some AMD CPUs have logic that triggers a machine check when it notices
         these bogus entries.  I've seen a couple reports of this.
      
      Boris further explains the failure mode:
      
      > It is actually more of an optimization which assumes that paging-structure
      > entries are in WB DRAM:
      >
      > "TlbCacheDis: cacheable memory disable. Read-write. 0=Enables
      > performance optimization that assumes PML4, PDP, PDE, and PTE entries
      > are in cacheable WB-DRAM; memory type checks may be bypassed, and
      > addresses outside of WB-DRAM may result in undefined behavior or NB
      > protocol errors. 1=Disables performance optimization and allows PML4,
      > PDP, PDE and PTE entries to be in any memory type. Operating systems
      > that maintain page tables in memory types other than WB- DRAM must set
      > TlbCacheDis to insure proper operation."
      >
      > The MCE generated is an NB protocol error to signal that
      >
      > "Link: A specific coherent-only packet from a CPU was issued to an
      > IO link. This may be caused by software which addresses page table
      > structures in a memory type other than cacheable WB-DRAM without
      > properly configuring MSRC001_0015[TlbCacheDis]. This may occur, for
      > example, when page table structure addresses are above top of memory. In
      > such cases, the NB will generate an MCE if it sees a mismatch between
      > the memory operation generated by the core and the link type."
      >
      > I'm assuming coherent-only packets don't go out on IO links, thus the
      > error.
      
      To fix this, reinstate TLB coherence in lazy mode.  With this patch
      applied, we do it in one of two ways:
      
       - If we have PCID, we simply switch back to init_mm's page tables
         when we enter a kernel thread -- this seems to be quite cheap
         except for the cost of serializing the CPU.
      
       - If we don't have PCID, then we set a flag and switch to init_mm
         the first time we would otherwise need to flush the TLB.
      
      The /sys/kernel/debug/x86/tlb_use_lazy_mode debug switch can be changed
      to override the default mode for benchmarking.
      
      In theory, we could optimize this better by only flushing the TLB in
      lazy CPUs when a page table is freed.  Doing that would require
      auditing the mm code to make sure that all page table freeing goes
      through tlb_remove_page() as well as reworking some data structures
      to implement the improved flush logic.
      Reported-by: default avatarMarkus Trippelsdorf <markus@trippelsdorf.de>
      Reported-by: default avatarAdam Borowski <kilobyte@angband.pl>
      Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Brian Gerst <brgerst@gmail.com>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Eric Biggers <ebiggers@google.com>
      Cc: Johannes Hirte <johannes.hirte@datenkhaos.de>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Nadav Amit <nadav.amit@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Roman Kagan <rkagan@virtuozzo.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Fixes: 94b1b03b ("x86/mm: Rework lazy TLB mode and TLB freshness tracking")
      Link: http://lkml.kernel.org/r/20171009170231.fkpraqokz6e4zeco@pd.tnicSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      b956575b
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.14-rc5' of git://people.freedesktop.org/~airlied/linux · 9aa0d2dd
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Couple of the arm people seem to wake up so this has imx and msm
        fixes, along with a bunch of i915 stable bounds fixes and an amdgpu
        regression fix.
      
        All seems pretty okay for now"
      
      * tag 'drm-fixes-for-v4.14-rc5' of git://people.freedesktop.org/~airlied/linux:
        drm/msm: fix _NO_IMPLICIT fencing case
        drm/msm: fix error path cleanup
        drm/msm/mdp5: Remove extra pm_runtime_put call in mdp5_crtc_cursor_set()
        drm/msm/dsi: Use correct pm_runtime_put variant during host_init
        drm/msm: fix return value check in _msm_gem_kernel_new()
        drm/msm: use proper memory barriers for updating tail/head
        drm/msm/mdp5: add missing max size for 8x74 v1
        drm/amdgpu: fix placement flags in amdgpu_ttm_bind
        drm/i915/bios: parse DDI ports also for CHV for HDMI DDC pin and DP AUX channel
        gpu: ipu-v3: pre: implement workaround for ERR009624
        gpu: ipu-v3: prg: wait for double buffers to be filled on channel startup
        gpu: ipu-v3: Allow channel burst locking on i.MX6 only
        drm/i915: Read timings from the correct transcoder in intel_crtc_mode_get()
        drm/i915: Order two completing nop_submit_request
        drm/i915: Silence compiler warning for hsw_power_well_enable()
        drm/i915: Use crtc_state_is_legacy_gamma in intel_color_check
        drm/i915/edp: Increase the T12 delay quirk to 1300ms
        drm/i915/edp: Get the Panel Power Off timestamp after panel is off
        sync_file: Return consistent status in SYNC_IOC_FILE_INFO
        drm/atomic: Unref duplicated drm_atomic_state in drm_atomic_helper_resume()
      9aa0d2dd
    • Alexey Kardashevskiy's avatar
      KVM: PPC: Book3S: Protect kvmppc_gpa_to_ua() with SRCU · 8f6a9f0d
      Alexey Kardashevskiy authored
      kvmppc_gpa_to_ua() accesses KVM memory slot array via
      srcu_dereference_check() and this produces warnings from RCU like below.
      
      This extends the existing srcu_read_lock/unlock to cover that
      kvmppc_gpa_to_ua() as well.
      
      We did not hit this before as this lock is not needed for the realmode
      handlers and hash guests would use the realmode path all the time;
      however the radix guests are always redirected to the virtual mode
      handlers and hence the warning.
      
      [   68.253798] ./include/linux/kvm_host.h:575 suspicious rcu_dereference_check() usage!
      [   68.253799]
                     other info that might help us debug this:
      
      [   68.253802]
                     rcu_scheduler_active = 2, debug_locks = 1
      [   68.253804] 1 lock held by qemu-system-ppc/6413:
      [   68.253806]  #0:  (&vcpu->mutex){+.+.}, at: [<c00800000e3c22f4>] vcpu_load+0x3c/0xc0 [kvm]
      [   68.253826]
                     stack backtrace:
      [   68.253830] CPU: 92 PID: 6413 Comm: qemu-system-ppc Tainted: G        W       4.14.0-rc3-00553-g432dcba58e9c-dirty #72
      [   68.253833] Call Trace:
      [   68.253839] [c000000fd3d9f790] [c000000000b7fcc8] dump_stack+0xe8/0x160 (unreliable)
      [   68.253845] [c000000fd3d9f7d0] [c0000000001924c0] lockdep_rcu_suspicious+0x110/0x180
      [   68.253851] [c000000fd3d9f850] [c0000000000e825c] kvmppc_gpa_to_ua+0x26c/0x2b0
      [   68.253858] [c000000fd3d9f8b0] [c00800000e3e1984] kvmppc_h_put_tce+0x12c/0x2a0 [kvm]
      
      Fixes: 121f80ba ("KVM: PPC: VFIO: Add in-kernel acceleration for VFIO")
      Cc: stable@vger.kernel.org # v4.12+
      Signed-off-by: default avatarAlexey Kardashevskiy <aik@ozlabs.ru>
      Signed-off-by: default avatarPaul Mackerras <paulus@ozlabs.org>
      8f6a9f0d
    • Nicholas Piggin's avatar
      KVM: PPC: Book3S HV: POWER9 more doorbell fixes · 2cde3716
      Nicholas Piggin authored
      - Add another case where msgsync is required.
      - Required barrier sequence for global doorbells is msgsync ; lwsync
      
      When msgsnd is used for IPIs to other cores, msgsync must be executed by
      the target to order stores performed on the source before its msgsnd
      (provided the source executes the appropriate sync).
      
      Fixes: 1704a81c ("KVM: PPC: Book3S HV: Use msgsnd for IPIs to other cores on POWER9")
      Cc: stable@vger.kernel.org # v4.10+
      Signed-off-by: default avatarNicholas Piggin <npiggin@gmail.com>
      Signed-off-by: default avatarPaul Mackerras <paulus@ozlabs.org>
      2cde3716
    • Greg Kurz's avatar
      KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM · ac64115a
      Greg Kurz authored
      The following program causes a kernel oops:
      
      #include <sys/types.h>
      #include <sys/stat.h>
      #include <fcntl.h>
      #include <sys/ioctl.h>
      #include <linux/kvm.h>
      
      main()
      {
          int fd = open("/dev/kvm", O_RDWR);
          ioctl(fd, KVM_CHECK_EXTENSION, KVM_CAP_PPC_HTM);
      }
      
      This happens because when using the global KVM fd with
      KVM_CHECK_EXTENSION, kvm_vm_ioctl_check_extension() gets
      called with a NULL kvm argument, which gets dereferenced
      in is_kvmppc_hv_enabled(). Spotted while reading the code.
      
      Let's use the hv_enabled fallback variable, like everywhere
      else in this function.
      
      Fixes: 23528bb2 ("KVM: PPC: Introduce KVM_CAP_PPC_HTM")
      Cc: stable@vger.kernel.org # v4.7+
      Signed-off-by: default avatarGreg Kurz <groug@kaod.org>
      Reviewed-by: default avatarDavid Gibson <david@gibson.dropbear.id.au>
      Reviewed-by: default avatarThomas Huth <thuth@redhat.com>
      Signed-off-by: default avatarPaul Mackerras <paulus@ozlabs.org>
      ac64115a
  6. 13 Oct, 2017 16 commits